One word of warning about PBIS: It had (has?) a really fun bug with large domains. One of our domains has well over half a million objects, and at about 512k, it started using duplicate UIDs (so that multiple users had the same *nix UID). I think this is documented, but it's a small and easy-to-overlook thing.
In fairness, this was a couple years back, and it's possible they've resolved this issue by now. Just a subtle thing to look out for. Our *nix stuff is almost exclusively Red Hat. For RHEL6, we're using Centrify, and it was pretty simple to set up. For RHEL7, we'll likely just use the realmd stuff they provide, as for our simple use case it seems adequate. David Smith -----Original Message----- From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Ted Cabeen Sent: Monday, August 08, 2016 6:43 PM To: Morgan Blackthorne <mor...@windsofstorm.net>; LOPSA Technical Discussions <t...@lopsa.org> Subject: Re: [lopsa-tech] Ubuntu and AD We use Likewise/PBIS, and it works well for us: https://www.powerbrokeropen.org/ --Ted On 2016-08-08 16:33, Morgan Blackthorne wrote: > So at $JOB we're running some Ubuntu 14.04 and 16.04 boxes that we'd > like to integrate with AD authentication. I've previously done this at > $JOB-2 with a mix of nss-ldap, sssd, and pam_ldap, but we were > supporting a lot of different distributions. > > What do folks find to be the easiest system to configure AD on Ubuntu? > I've tried a few different configs and haven't been able to get things > working, but I'm not sure what the status of the various projects is > and which one I should actually invest the time into getting working. > > Thanks for any suggestions. > > --Morgan > > > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/ _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
